>> Live from Las Vegas, it's theCUBE covering VMworld 2018. Brought to you by VMware and it's ecosystem partners. >> Hey, welcome back everyone, we are live here in the broadcast booth presented by theCUBE. I'm John Furrier co-host with Dave Vellante. VMworld 2018, day three of three days of wall-to-wall coverage. Our 9th year covering VMworld and the VMware ecosystem. It's great to have on theCUBE Tom Corn, who's the Senior Vice President, General Manager of the Security Products from VMware. Welcome to theCUBE, good to see you. >> Thank you! >> We were just bantering before we came on that you are part of building AppDefense, one-year-old product. >> Yes, yeah. >> You're in the nerd nation, if you will. >> (chuckles) Yes. (laughter) >> We say that with all due respect, Tom. >> I take it. >> I had to stay for Stanford since the football opening day is Friday, so we'll be tailgating at Stanford, but Palo Alto VMware, tons of technology in VMware, we covered the radio event, which was first opened to the press this year, we were there. Security's number one. Pat Gelsinger has said on theCUBE so many times, even four years ago, he said security's a do-over. But it's more than a do-over, it's central to how the Cloud and on-premises are working. >> Yes. >> Hybrid Cloud validated by Andy Jassy this week. >> Yes. >> With RDS on VMware on premises, pretty major industry milestone there. You're in the middle of the security leading the team. What's the update for VMware, still pumping on all cylinders? >> Uh, I think this is actually, we're making some of the biggest strides forward in security right now. I think there is such a huge opportunity to not make the mistakes we made in the past, and start with a clean slate, do security the way it really, ultimately, makes sense. At the end of the day, we're really not trying to protect servers or networks, we're trying to protect data and applications. And being able to see things through, look at the infrastructure through the lens of the application, the lens of the data, and align security to that, is a huge opportunity to fundamentally make Cloud more secure than a traditional, sort of physical environment. >> So, we, I got a stat from TrendMicro, just came by theCUBE today on the briefing, they said one in six dollars are being spent outside the organization and buying other SAAS platforms. Cloud certainly, with Shadow IT has caused that. Whether it's DropBox, ADS-Bih instances, just stuff flying up there opening up, potential vulnerabilities. Virtual networking is clearly a part of the architecture with virtual machines. So security is really under a lot of pressure, and Micro Segmentation seems to be a hot topic. This is driving a lot of new value as the architecture shifts to Hybrid Cloud, which is such a Cloud Operations. >> Yeah. >> Infosec teams, Net Ops, are all working together now, but it seems more confusing than ever. Can you clarify how companies are organizing around the Cloud, Hybrid Cloud operating model in Multi-Cloud with security? >> Yeah, so, first it's important to understand the central idea behind micro-segmentation is to provide a mechanism to compartmentalize all the elements that compose an application, a regulatory scope, so that if one thing falls, everything doesn't fall, right? The reality is a perimeter of a data center is so porous in so many dimensions that you cannot, your security strategy can't be predicated on anything inside my data center is just fundamentally secure. I think we live in a state of compromise. Deal with it, right? And so, the notion of compartmentalizing an application allows for a limited lateral movement of attacks. It also provides a policy boundary to say, you know, I can place controls on the boundaries of an application and that boundary may not exist in the physical world, but it does in the virtual world. You know, the best analogy I came up with for this is imagine you had an entire company in a skyscraper, now all the employees were in that skyscraper. You could put guards in the front door of that building, and the instructions for them on who gets in and who gets out, or what looks weird in the lobby, pretty straightforward, okay? Now take the employees and spread them out into parts of floors of different buildings all over the city, fill the building that you had with employees from lots of different companies, now there's a bank, a TGI Friday's, a bowling alley, and the FBI. Now tell those guards what looks weird in the lobby. Like, now tell those guards who should get in. Now, suddenly, it gets really confusing, and the ability to say I want to create a virtual skyscraper that will put all the employees in one place, that's the idea behind micro-segmentation. >> Tom, you talked about the Cloud, the potential for the Cloud to be more secure than the traditional environment. In June, John and I were at the public sector summit, and we heard the CEO of the CIA say Cloud, on our worst day, from a security standpoint, is better than my client server. 'Cos the first time I'd heard client server in about ten years, but nonetheless, >> (laughs) That's the government. >> So, (laughs) my question for you is, in terms of, so his implication was, it's already there. What has to be done to bring that level of security to that hybrid world? >> Yeah. First, I would be careful with that statement. I think we are probably right for the average company, the way a Cloud provider would secure the infrastructure on down, is actually very solid. The application's your problem. The data that's running on it is your problem. And that's not quite the same thing, there's a different set of things about what can get access, how that's isolated for other things. So-- >> Let me make sure I understand that. So you're saying, the infrastructure check, but that's not the story. >> And what's above the operating system, my applications, and how data's flowing on that, and there's no good excuse that oh, it was running on such and such infrastructures or service, it's not my problem. It's still the company's problem, right? >> Right. >> So a lot of the basic things of access control, alignment of controls, policy, those are still, ultimately, in the hands of the customer. Now, I do agree that the opportunity is to make the simpler, less misalignment, less misconfigurations, those are tremendous opportunities of the Cloud. >> But there's some conventional wisdom in the industry that says, you know what, it's a fait accompli you're going to get hacked, so it's all about how you respond. I'm inferring from you that no, that's not the case, that you could actually protect the data if you take an application view. >> Yeah. >> Of course, response is important. >> Yeah, but I feel like there's no perfect solution. I guess maybe the best way to think of security is as a risk management exercise. You're going to spend whatever you're going to spend. The question is, are you spreading that like peanut butter on a bunch of stuff, or are you investing your time, money, and capital in the things that would have the most material reduction in risk? There's a wonderful framework that Gartner came up with that I liked that, and Neil Macdonald from Gartner came up with it, which is the, he calls it the Cloud Workload Protection Framework. He's stack ranked all the things you could do to protect the workload, in order of how much risk it gets rid of. The things at the bottom, the big risks, patching, segmentation, application control, protect the memory, encryption, those are all things that have to do with reducing attack surface as opposed to finding the attack of the day. The stuff at the top, you know, antivirus running for a server inside the data server behind all these walls, it's not, it's marginal residual risk, so the focus of VMware, in the security realm, has been we can not only bake security in, so you're not adding boxes, you're not managing agents. More importantly, we're in this unique position to understand where things are supposed to be. You know, for example, the AppDefense product that we launched last year, you mentioned, and we have a bunch of new stuff here, we're leveraging the hypervisor itself to understand the intention of the applications you loaded on it, and then use the hypervisor to say that's all it can do, nothing else. It flips the model completely from saying I'm going to try to find bad things to I'm going to really understand what good it's supposed to be, and that's all that's allowed. >> So you're narrowing the scope with policy, bascially? >> 100%. >> I mean, so this comes up with IOT, I heard a guy saying these light bulbs that are WiFi-enabled have full, multi-process threads, we don't need it, it's a light bulb. It needs to go on and off, so by bounding, by bounding the apps, that's what you're saying. >> That's exactly right. >> Using virtualization mechanisms to do that. >> Exactly right. We've never used it for this before, but the hypervisor kernel does a bunch of pretty amazing things, we just. It can see what's running, it can see what you provisioned in the first place, it can do that without adding an agent, it can do that in a way that can't be turned off, without a lot of overheard, and it can do almost anything in response. So the central idea behind AppDefense was, let's use it, it will tell you what all your VM's are for, now you have an application view that says here are the applications in your infrastructure divided into services, divided into machines, here's what they're supposed to be, tell us what you want to have happen if what's running doesn't match what you intended. That's it. >> Well, technology's perfectly positioned with that. And Pat was mentioning NSX, and I want to ask about that in a second about NSX. >> Yes. >> But I want to put you on the spot and ask the question that comes up all the time. Two factors in security that's hard to get your arms around. >> Yeah. >> One is, patching. Which, you said, you don't patch stuff, so you don't patch up the whole surface area. Two, social engineering. 'Cos you've got human error whether you pass or not, did I configure the bounding properly, that's a human error, batching, I call human error and social engineering. Those are two factors that are still prevalent in security. >> Absolutely. >> Your thoughts on that? >> Well, you can't patch humans, so that is all weak, and then the thing that we can really advance there is to move increasingly to automation, and do things that, candidly, humans probably aren't the best at doing that, but you can't just automate, old, unreliable processes, that just makes them faster, it doesn't necessarily make them better. >> Yeah. >> I think that the key to a lot of this is, >> Automating a bad process still makes it a bad process. >> Yeah, it's just faster. (chuckles) It's more efficient. >> (chuckles) An efficiently bad process. >> Exactly, exactly right. So, you know, I think a lot of the automation and ability to compartmentalize things and, candidly, a lot of the policies, whether it's for patching, etc, when thought of through the lens of an application as opposed to like, what's our policy for patching the patient care system, how often? Is my patient care system unpatched, is different from saying I've got thousands of machines, and some of them are patched and some of them are not, how do I prioritize which ones I should get. It really does, not only simplify things, but align things to a business outcome, which really, it goes back to a risk management decision a business has. >> Ransomware is a great example to your point earlier, I think you said that off-camera as well, is that, you know, you don't want to attack the same treadmill of problems. So ransomware, one guy said that on theCUBE here at another event said that, ransomware's easy, just patch them back up and you're good. >> Yeah. >> That sounds simple, doesn't it? >> Yeah. It-- >> Surface area, patch it, back it up. >> Yeah. Sometimes there's reasons why the patch, that people just don't roll out the updates to an absolute critical server on the trading floor, sometimes they have challenges. But, you know, interesting enough, yesterday we were showing, we had a live, we did a live attack on stage with Petya, with a live strain or ransomware, throwing it against the machine, we showed why it worked, and we were just using AppDefense to say, all right, let's assume you didn't patch it, AppDefense is going to make sure that application can't do anything you didn't intend it to do, the ransomware doesn't work. And it's not because we understand what malware you had there, it's because the malware, to work, has to change. >> I'm thinking about security strategies in general for organizations. You know, given that credential theft is still such a huge problem, are the things that you can do with analytics, because you may have visibility on certain parts from the infrastructure standpoint, that you can do to maybe not stop credential theft, that's bad human behavior, but to identify some anomalous behavior. What's happening with analytics, and what role, if any, does VMware play? >> Yeah, so, again, the central theme, I suppose, is summed up as, we're trying to say, here's your applications and data, what is intended? On the network with NSX, on the compute stack with AppDefense, Workspace One is trying to address that from a user and a device perspective. And the questions one asks for what your discussing is, is this who they say they are, are they on the list of invites, and are they on a trusted device? And those were traditionally silo decisions, separately. And what we're saying is, it's about answering those things in concert that allow us to spot the stuff that doesn't make sense. It's the ability to answer them in concert that allows you to make that less intrusive into the daily activities of the users. So the work that's happening on Workspace One Intelligence to do analytics looking at the device and how the device is behaving, the user, and how the user is, what indication, what risk do we see? This may not be the person or the risk that they're working from a device I might not trust even if I trust who it is. Either of those might tip me off to say, you know what, I might want to limit what they have access to, or this is the place I need to look at first. Again, I think that starts to clarify and put things in context. >> We were talking off-camera about the infosec team and the IT team, and often they're in silos and not talking to each other. What's the right regime, in terms of what you see in the marketplace, of best practice to approach this problem? >> It sort of depends on the size and scope. But the infosec team, often lead by the Chief Security Officer, often, in most organizations that I deal with, own the security operation center, security architecture, and governs it's risk and compliance. They're mostly looking at setting overall policy, and seeing when things are breaking down, and reacting to it. But as you point out, there's a lot of security happening in the infrastructure teams, whether it's firewalling, segmentation, locking down the computer stack, even things like AV running by end user services teams. They're looking to set policy, and things that are getting in the data path, that are about locking things down, and they need to collaborate. They need to, to be effective, they need to each know their roles and operate from a single source of truth, and that's where it's breaking down. In fact, I would take it a step further. The other group that needs to be part of this conversation is the application team. And as we move to Dev Ops, and the applications change very rapidly, it's going to be increasingly important that they collaborate, and not ignore each other as silos. >> Mm-hmm. >> I want to ask you, I know we've got one more question left, but, I want to get out there. You mentioned adaptive segmentation is an extension of where micro-segmentation is going. A lot of buzz here at VMworld on micro-segmentation. What is adaptive segmentation? >> So it's really the next logical evolution. Which is, we've taken some of the technology that we've built with AppDefense, that can figure out and map out the applications. Now we have manifests that say what these things are for, and we know the patient care system is actually all these machines and how they interact. It's basically saying, why don't we have the system program the micro-segment, and do it in an automated way? Now you have a micro-segment that is automatically and perfectly aligned driven from the application itself. And the other beauty is, the adaptive portion, which says, if the application changes, that's pushed down through puppet or chef or it's, or something is modified through patching, to have the system to be smart enough to see that's an update, and that automatically changed the actual segment, and lock the network and compute down. That's what we're doing there. >> What is the impact to the customer? And what is the impact of that? >> It's simpler. Much faster time to actually go in. It's simpler, and it's a much more accurate representation of the application. You lock things down both from lateral and direct attacks, so it's a big deal. >> Okay, final, final question. I always like to get the final question in here. Tom, tell us about a prediction for 2019. Next year VMworld, what are we going to be talking about? What are going to be the security issues on the table? More of the same, rinse and repeat issues? What is your prediction for 2019 in the security world? Well, you know what, I think security's going to get more complicated before it gets simpler. I think we're on the right path, but there are so many moving parts. I think, one thing, I don't think you're going to start seeing people increasingly open to security being delivered as SAAS. Because there's too many benefits of machine learning across populations of users. I think we're going to start to see security models that are, to fool one of us you've got to fool all of us. I think those are the kinds of things that are going to be the needle mover. >> Sounds a great service, security's a service, theCUBE is a service bringing these three days of wall-to-wall coverage, we'll be back with more on day three coverage. I'm John, for Dave, stay with us for more after this short break.

(upbeat music) >> Hey welcome back everybody, Jeff Frick here with theCUBE. We are live in downtown San Francisco at the RSA conference, RSAC is the hashtag. 40,000 security professionals talking about how to keep us all safe from the bad guys out there and we're excited to be joined by a long time industry veteran, Tom Corn. He's the SVP Security Products from VMware. Tom, welcome. >> Thank you. >> So you've been coming to this show for a while? You've been in the business >> Five years. >> For a while. >> Yes. >> What's kind of your take on the vibe of how this this industry is changing? >> You know it's funny the thing that strikes me when you come to the RSA Conference is at once, how big the industry is and how small the industry is, right? Massive amount of people and it's incredible you walk through the floor if you've been around the industry for any amount of time. How many people you actually you know. It's a small world and a very small community. >> 'Cause they're all here. >> Yeah. >> All 40,000 of them are here. >> They are. They are. >> So big thing that's changed over the last couple of years is Cloud, right? >> Yes. >> And the adoption of cloud in really AWS kind of drive in the public Cloud piece and Salesforce really driving kind of the-- I'm happy with an enterprise application for a Cloudbase application. That wasn't the way before. So how has kind of Cloud impacted the way you think about security? >> Well, I think most of the dialog in Cloud has been how do we secure the Cloud? And I think that's a very valid set of questions in any environment. How am I going to secure this environment? I think the interesting thing that hasn't been talked about as much is is there a way to use the unique properties of the Cloud to secure things? Right? We look to the Cloud and we say, there's all these interesting unique properties automation, a single fabric across a virtualization layer in between applications that are sitting above and the infrastructure, the below. There isn't a lot of dialog until the last maybe year or so in could we use the Cloud and could we use virtualization to secure things? And I think that's actually an enormous opportunity and I'll tell you why. I think that one of the biggest gaps we have in security now is actually an architectural one, right? We're trying to protect applications and data. We're doing it by putting controls of products from around this show floor on machines and on network links. >> Right. >> Right? And those are not the same thing. Aligning controls to the infrastructure is not helping us align them to the applications and data we're trying to protect. And there's, I think, an enormous opportunity to leverage Cloud and virtualization which is actually a translation layer between the two. To really solve this problem in a very very meaningful way. >> So if I'm hearing you right, it's really virtualizing the protection of the data, virtualizing the protection of the-- I don't know if even devices is the right word, right? 'Cause you want to virtualize the devices. You're not really protecting devices. You're protecting the image of a device, I guess. >> Yeah, it's actually allowing us to create, for example, logical boundaries around critical applications and critical data to allow us to align controls to the thing we're protecting. And that's the whole idea behind, for example, micro segmentation which is a very very big move today. This is maybe the best analogy I've heard so far which is-- >> Okay. >> If you think of a data center as a city, when we used to have monolithic stack applications, it was kind of like having an entire application in a skyscraper and it was the only tenant, right? And when you have that, the front of that building, no one in the city could touch any part of that application without going through that door. So access policy was very simple and if I wanted to look at-- well, what looks weird here? If it look normal or weird, someone passing through this door or activity happening there, there's only one tenant. It was a very simple picture. Applications don't look like that. Applications are distributed systems. It's like-- >> Right, right. >> Parts of floors of different buildings in different parts of the city. We've lost-- >> And they're all API based too, right? They're all connected to one another. >> Right, absolutely, absolutely. So that, more than anything, has changed the equation making it despite the fantastic innovation we have across this show floor makes it very difficult for them to do the great job they're capable of doing which is we need somehow to put them in a position to focus 'em, to create a skyscraper, a virtual skyscraper if you will around these critical applications and data. That's one of the biggest opportunities of using the Cloud, of using virtualization to secure things and frankly, what a lot of this whole movement towards micro segmentation is doing. >> So what does that look like? Extending your skyscraper analogy. >> Yeah. >> If it was skyscraper before, what's it going to look like in the future? >> Well as an example, it's about saying this critical application, SAP or some, you know, 3rd gen application is composed of these pieces, these machines, these containers. It's about using the fabric, the overlay, the virtualization or Cloud fabric to create a logical boundary around those. A logical boundary that moves with it, that expands with it, that shrinks with it. If it changes Clouds, it moves with it and it allows you to then say, I want to take the products, whatever security products they want and align them around that boundary. I create a skyscraper again, not by changing my network, not by changing my servers but by creating sort of using just the virtualization layer to create that logical boundary and it's really it's having a really significant impact. It's one of the reasons, I think, as we look to the coming year, this notion of aligning security to applications and the notion of more security innovation coming out of not security companies but infrastructure players and Cloud players, I think it's going to be a thing we're going to see a lot of. >> Alright well I look forward to diggin' more into this because it's always a great innovation when you kind of turn the lens. >> Yeah. >> Right, and reshape the problem in a different-- from a different point of view and that's when you can really see some new opportunies but I know you got to get to your booth. (laughs) So he's Tom Corn. I'm Jeff Frick. You're theCUBE from RSA. Thanks for stopping by Tom. >> My pleasure. >> Alright. See you next time. (upbeat music) (inspirational music)

>> Announcer: From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> Hello, welcome back to theCUBE's coverage, CUBE Virtual's coverage, CUBE digital coverage, of AWS Summit, virtual online, Amazon Summit's normally in face-to-face all around the world, it's happening now online, follow the sun. Of course, we want to bring theCUBE coverage like we do at the events digitally, and we've got a great guest that usually comes on face-to-face, he's coming on virtual, Sanjay Poonen, the chief operating officer of VMware. Sanjay great to see you, thanks for coming in virtually, you look great. >> Hey, John thank you very much. Always a pleasure to talk to you. This is the new reality. We both happen to live very close to each other, me in Los Altos, you in Palo Alto, but here we are in this new mode of communication. But the good news is I think you guys at theCUBE were pioneering a lot of digital innovation, the AI platform, so hopefully it's not much of an adjustment for you guys to move digital. >> It's not really a pivot, just move the boat, put the sails up and sail into the next generation, which brings up really the conversation that we're seeing, which is this digital challenge, the virtual world, it's virtualization, Sanjay, it sounds like VMware. Virtualization spawned so much opportunity, it created Amazon, some say, I'd say. Virtualizing our world, life is now integrated, we're immersed into each other, physical and digital, you got edge computing, you got cloud native, this is now a clear path to customers that recognize with the pandemic challenges of at-scale, that they have to operate their business, reset, reinvent, and grow coming out of this pandemic. This has been a big story that we've been talking about and a lot of smart managers looking at projects saying, I'm doubling down on that, and I'm going to move the resources from this, the people and budget, to this new reality. This is a tailwind for the folks who were prepared, the ones that have the experience, the ones that did the work. theCUBE, thanks for the props, but VMware as well. Your thoughts and reaction to this new reality, because it has to be cloud native, otherwise it doesn't work, your thoughts. >> Yeah, I think, John, you're right on. We were very fortunate as a company to invent the term virtualization for an x86 architecture and the category 20 years ago when Diane founded this great company. And I would say you're right, the public cloud is the instantiation of virtualization at its sort of scale format and we're excited about this Amazon partnership, we'll talk more about that. This new world of doing everything virtual has taken the same concepts to whole new levels. We are partnering very closely with companies like Zoom, because a good part of this is being able to deliver video experiences in there, we'll talk about that if needed. Cloud native security, we announced an acquisition today in container security that's very important because we're making big moves in security, security's become very important. I would just say, John, the first thing that was very important to us as we began to shelter in place was the health of our employees. Ironically, if I go back to, in January I was in Davos, in fact some of your other folks who were on the show earlier, Matt Garman, Andy, we were all there in January. The crisis already started in China, but it wasn't on the world scene as much of a topic of discussion. Little did we know, three, four weeks later, fast forward to February things were moving so quickly. I remember a Friday late in February where we were just about to go the next week to Las Vegas for our in-person sales kickoffs. Thousands of people, we were going to do, I think, five or 6,000 people in Las Vegas and then another 3,000 in Barcelona, and then finally in Singapore. And it had not yet been categorized a pandemic. It was still under this early form of some worriable virus. We decided for the health and safety of our employees to turn the entire event that was going to happen on Monday to something virtual, and I was so proud of the VMware team to just basically pivot just over the weekend. To change our entire event, we'd been thinking about video snippets. We have to become in this sort of virtual, digital age a little bit like TV producers like yourself, turn something that's going to be one day sitting in front of an audience to something that's a lot shorter, quicker snippets, so we began that, and the next thing we began doing over the next several weeks while the shelter in place order started, was systematically, first off, tell our employees, listen, focus on your health, but if you're healthy, turn your attention to serving your customers. And we began to see, which we'll talk about hopefully in the context of the discussion, parts of our portfolio experience a tremendous amount of interest for a COVID-centered world. Our digital workplace solutions, endpoint security, SD-WAN, and that trifecta began to be something that we began to see story after story of customers, hospitals, schools, governments, retailers, pharmacies telling us, thank you, VMware, for helping us when we needed those solutions to better enable our people on the front lines. And all VMware's role, John, was to be a digital first responder to the first responder, and that gave tremendous amount of motivation to all of our employees into it. >> Yeah, and I think that's a great point. One of the things we've been talking about, and you guys have been aligned with this, you mentioned some of those points, is that as we work at home, it points out that digital and technology is now part of lifestyle. So we used to talk about consumerization of IT, or immersion with augmented reality and virtual reality, and then talk about the edge of the network as an endpoint, we are at the edge of the network, we're at home, so this highlights some of the things that are in demand, workspaces, VPN provisioning, these new tools, that some cases we've been hearing people that no one ever thought of having a forecast of 100% VPN penetration. Okay, you did the AirWatch deal way back when you first started, these are now fruits of those labors. So I got to ask you, as managers of your customer base are out there thinking, okay, I got to double down on the right growth strategy for this post-pandemic world, the smart managers are going to look at the technologies enabled for business outcome, so I have to ask you, innovation strategies are one thing, saying it, putting it place, but now more than ever, putting them in action is the mandate that we're hearing from customers. Okay I need an innovation strategy, and I got to put it into action fast. What do you say to those customers? What is VMware doing with AWS, with cloud, to make those innovation strategies not only plausible but actionable? >> That's a great question, John. We focused our energy, before even COVID started, as we prepared for this year, going into sales kickoffs and our fiscal year, around five priorities. Number one was enabling the world to be multicloud, private cloud and public cloud, and clearly our partnership here with Amazon is the best example of that and they are our preferred cloud partner. Secondly, building modern apps with microservices and cloud native, what we call app modernization. Thirdly, which is a key part to the multicloud, is building out the entire network stack, data center networking, the firewalls, the load bouncing in SD-WAN, so I'd call that cloud network. Number four, the modernization of workplace with an additional workspace solution, Workspace ONE. And five, intrinsic security from all aspects of security, network, endpoint, and cloud. So those five priorities were what we began to think through, organize our portfolio, we call them solution pillars, and for any of your viewers who're interested, there's a five-minute version of the VMware story around those five pillars that you can watch on YouTube that I did, you just search for Sanjay Poonen and five-minute story. But then COVID hit us, and we said, okay we got to take these strategies now and make them more actionable. Exactly your question, right? So a subset of that portfolio of five began to become more actionable, because it's pointless going and talking about stuff and it's like, hey, listen, guys, I'm a house on fire, I don't care about the curtains and all the wonderful art. You got to help me through this crisis. So a subset of that portfolio became kind of what was those, think about now your laptop at home, or your endpoint at home. People wanted, on top of their Zoom call, or surrounding their Zoom call, a virtual desktop managed easily, so we began to see Workspace ONE getting a lot of interest from our customers, especially the VDI part of that portfolio. Secondly, that laptop at home needed to be secured. Traditional, old, legacy AV solutions that've worked, enter Carbon Black, so Workspace ONE plus Carbon Black, one and two. Third, that laptop at home needs network acceleration, because we're dialoguing and, John, we don't want any latency. Enter SD-WAN. So the trifecta of Workspace ONE, Carbon Black and VeloCloud, that began to see even more interest and we began to hone in our portfolio around those three. So that's an example of where you have a general strategy, but then you apply it to take action in the midst of a crisis, and then I say, listen, that trifecta, let's just go and present what we can do, we call that the business continuity or business resilience part of our portfolio. We began to start talking to customers, and saying, here's our business continuity solution, here's what we could do to help you, and we targeted hospitals, schools, governments, pharmacies, retailers, the ones who're on the front line of this and said again, that line I said earlier, we want to be a digital first responder to you, you are the real first responder. Right before this call I got off a CIO call with the CIO of a major hospital in the northeast area. What gives me great joy, John, is the fact that we are serving them. Their beds are busting at the seam, in serving patients-- >> And ransomware's a huge problem you guys-- >> We're serving them. >> And great stuff there, Sanjay, I was just on a call this morning with a bunch of folks in the security industry, thought leaders, was in DC, some generals were there, some real thought leaders, trying to figure out security policy around biosecurity, COVID-19, and this invisible disruption, and they were equating it to like the World Wars. Big inflection point, and one of the generals said, in those times of crisis you need alliances. So I got to ask you, COVID-19 is impactful, it's going to have serious impact on the critical nature of it, like you said, the house is on fire, don't worry about the curtains. Alliances matter more than ever when you need to come together. You guys have an ecosystem, Amazon's got an ecosystem, this is going to be a really important test to the alliances out there. How do you view that as you look forward? You need the alliances to be successful, to compete and win in the new world as this invisible enemy, if you will, or disruptor happens, what's your thoughts? >> Yeah, I'll answer in a second, just for your viewers, I sneezed, okay? I've been on your show dozens of time, John, but in your live show, if I sneezed, you'd hear the loud noise. The good news in digital is I can mute myself when a sneeze is about to happen, and we're able to continue the conversation, so these are some side benefits of the digital part of it. But coming to your question on alliance, super important. Ecosystems are how the world run around, united we stand, divided we fall. We have made ecosystems, I've always used this phrase internally at VMware, sort of like Isaac Newton, we see clearly because we stand on the shoulders of giants. So VMware is always able to be bigger of a company if we stand on the shoulders of bigger giants. Who were those companies 20 years ago when Diane started the company? It was the hardware economy of Intel and then HP and Dell, at the time IBM, now Lenovo, Cisco, NetApp, DMC. Today, the new hardware companies Amazon, Azure, Google, whoever have you, we were very, I think, prescient, if you would, to think about that and build a strategic partnership with Amazon three or four years ago. I've mentioned on your show before, Andy's a close friend, he was a classmate over at Harvard Business School, Pat, myself, Ragoo, really got close to Andy and Matt Garman and Mike Clayville and several members of their teams, Teresa Carlson, and began to build a partnership that I think is one of the most incredible success stories of a partnership. And Dell's kind of been a really strong partner with us on private cloud, having now Amazon with public cloud has been seminal, we do regular meetings and build deep integration of, VMware Cloud and AWS is not some announcement two or three years ago. It's deep engineering between, Bask's now in a different role, but in his previous role, that and people like Mark Lohmeyer in our team. And that deep engineering allows us to know and tell customers this simple statement, which both VMware and Amazon reps tell their customers today, if you have a workload running on vSphere, and you want to move that to Amazon, the best place, the preferred place for that is VMware Cloud and Amazon. If you try to refactor that onto a native VC 2, it's a waste of time and money. So to have the entire army of VMware and Amazon telling customers that statement is a huge step, because it tells customers, we have 70 million virtual machines running on-prem. If customers are looking to move those workloads to Amazon, the best place for that VMware Cloud and AWS, and we have some credible customer case studies. Freddie Mac was at VMworld last year. IHS Markit was at VMworld last year talking about it. Those are two examples and many more started it, so we would like to have every VMware and Amazon customer that's thinking about VMware to look at this partnership as one of the best in the industry and say very similar to what Andy I think said on stage at the time of this announcement, it doesn't have to be now a trade-off between public and private cloud, you can get the best of both worlds. That's what we're trying to do here-- >> That's a great point, I want to get your thoughts on leadership, as you look at COVID-19, one of our tracks we're going to be promoting heavily on theCUBE.net and our sites, around how to manage through this crisis. Andy Jassy was quoted on the fireside chat, which is coming up here in North America, but I saw it yesterday in New Zealand time as I time shifted over there, it's a two-sided door versus a one-sided door. That was kind of his theme is you got to be able to go both ways. And I want to get your thoughts, because you might know what you're doing in certain contexts, but if you don't know where you're going, you got to adjust your tactics and strategies to match that, and there's and old expression, if you don't know where you're going, every road will take you there, okay? And so a lot of enterprise CXOs or CEOs have to start thinking about where they want to go with their business, this is the growth strategy. Then you got to understand which roads to take. Your thoughts on this? Obviously we've been thinking it's cloud native, but if I'm a decision maker, I want to make sure I have an architecture that's going to carry me forward to the future. I need to make sure that I know where I'm going, so I know what road I'm on. Versus not knowing where I'm going, and every road looks good. So your thoughts on leadership and what people should be thinking around knowing what their destination is, and then the roads to take? >> John, I think it's the most important question in this time. Great leaders are born through crisis, whether it's Winston Churchill, Charles de Gaulle, Roosevelt, any of the leaders since then, in any country, Mahatma Gandhi in India, the country I grew up, Nelson Mandela, MLK, all of these folks were born through crisis, sometimes severe crisis, they had to go to jail, they were born through wars. I would say, listen, similar to the people you talked about, yeah, there's elements of this crisis that similar to a World War, I was talking to my 80 year old father, he's doing well. I asked him, "When was the world like this?" He said, "Second World War." I don't think this crisis is going to last six years. It might be six or 12 months, but I really don't think it'll be six years. Even the health care professionals aren't. So what do we learn through this crisis? It's a test of our leadership, and leaders are made or broken during this time. I would just give a few guides to leaders, this is something tha, Andy's a great leader, Pat, myself, we all are thinking through ways by which we can exercise this. Think of Sully Sullenberger who landed that plane on the Hudson. Did he know when he flew that airbus, US Airways airbus, that few flock of birds were going to get in his engine, and that he was going to have to land this plane in the Hudson? No, but he was making decisions quickly, and what did he exude to his co-pilot and to the rest of staff, calmness and confidence and appropriate communication. And I think it's really important as leaders, first off, that we communicate, communicate, communicate, communicate to our employees. First, our obligation is first to our employees, our family first, and then of course to our company employees, all 30,000 at VMware, and I'm sure similarly Andy does it to his, whatever, 60, 70,000 at AWS. And then you want to be able to communicate to them authentically and with clarity. People are going to be reading between the lines of everything you say, so one of the things I've sought to do with my team, all the front office functions report to me, is do half an hour Zoom video conferences, in the time zone that's convenient to them, so Japan, China, India, Europe, in their time zone, so it's 10 o'clock my time because it's convenient to Japan, and it's just 10 minutes of me speaking of what I'm seeing in the world, empathizing with them but listening to them for 20 minutes. That is communication. Authentically and with clarity, and then turn your attention to your employees, because we're going stir crazy sitting at home, I get it. And we've got to abide by the ordinances with whatever country we're in, turn your attention to your customers. I've gotten to be actually more productive during this time in having more customer conference calls, video conference calls on Zoom or whatever platform with them, and I'm looking at this now as an opportunity to engage in a new way. I have to be better prepared, like I said, these are shorter conversations, they're not as long. Good news I don't have to all over the place, that's better for my family, better for the carbon emission of the world, and also probably for my life long term. And then the third thing I would say is pick one area that you can learn and improve. For me, the last few years, two, three years, it's been security. I wanted to get the company into security, as you saw today we've announced mobile, so I helped architect the acquisition of Carbon Black, very similar to kind of the moves I've made six years ago around AirWatch, very key part to all of our focus to getting more into security, and I made it a personal goal that this year, at the start of the year, before COVID, I was going to meet 1,000 CISOs, in the Fortune 1000 Global 2000. Okay, guess what, COVID happens, and quite frankly that goal's gotten a little easier, because it's much easier for me to meet a lot more people on Zoom video conferences. I could probably do five, 10 per day, and if there's 200 working days in a day, I can easily get there, if I average about five per day, and sometimes I'm meeting them in groups of 10, 20. >> So maybe we can get you on theCUBE more often too, 'cause you have access to a video camera. >> That is my growth mindset for this year. So pick a growth mindset area. Satya Nadella puts this pretty well, "Move from being a know-it-all to a learn-it-all." And that's the mindset, great company. Andy has that same philosophy for Amazon, I think the great leaders right now who are running these cloud companies have that growth mindset. Pick an area that you can grow in this time, and you will find ways to do it. You'll be able to learn online and then be able to teach in some fashion. So I think communicate effectively, authentically, turn your attention to serving your customers, and then pick some growth area that you can learn yourself, and then we will come out of this crisis collectively, individuals and as partners, like VMware and Amazon, and then collectively as a society, I believe we'll come out stronger. >> Awesome great stuff, great insight there, Sanjay. Really appreciate you sharing that leadership. Back to the more of technical questions around leadership is cloud native. It's clear that there's going to be a line in the sand, if you will, there's going to be a right side of history, people are going to have to be on the right side of history, and I believe it's cloud native. You're starting to see this emersion. You guys have some news, you just announced today, you acquired a Kubernetes security startup, around Kubernetes, obviously Kubernetes needs security, it's one of those key new enablers, disruptive enablers out there. Cloud native is a path that is a destination opportunity for people to think about, why that acquisition? Why that company? Why is VMware making this move? >> Yeah, we felt as we talked about our plans in security, backing up to things I talked about in my last few appearances on your show at VMworld, when we announced Carbon Black, was we felt the security industry was broken because there was too many point benders, and we figured there'd be three to five control points, network, endpoint, cloud, where we could play a much more pronounced role at moving a lot of these point benders, I describe this as not having to force our customers to go to a doctor and say I've got to eat 5,000 tablets to get healthy, you make it part of your diet, you make it part of the infrastructure. So how do we do that? With network security, we're off to the races, we're doing a lot more data center networking, firewall, load bouncing, SD-WAN. Really, reality is we can eat into a lot of the point benders there that I've just been, and quite frankly what's happened to us very gratifying in the network security area, you've seen the last few months, some firewall vendors are buying SD-WAN players, kind of following our strategy. That's a tremendous validation of the fact that the network security space is being disrupted. Okay, move to endpoint security, part of the reason we acquired Carbon Black was to unify the client side, Workspace ONE and Carbon Black should come together, and we're well under way in doing that, make Carbon Black agentless on the server side with vSphere, we're well on the way to that, you'll see that very soon. By the way both those things are something that the traditional endpoint players can't do. And then bring out new forms of workload. Servers that are virtualized by VMware is just one form of work. What are other workloads? AWS, the public clouds, and containers. Container's just another workload. And we've been looking at container security for a long time. What we didn't want to do was buy another static analysis player, another platform and replatform it. We felt that we could get great technology, we have incredible grandeur on container cell. It's sort of Red Hat and us, they're the only two companies who are doing Kubernetes scales. It's not any of these endpoint players who understand containers. So Kubernetes, VMware's got an incredible brand and relevance and knowledge there. The networking part of it, service mesh, which is kind of a key component also to this. We've been working with Google and others like Istio in service mesh, we got a lot of IP there that the traditional endpoint players, Symantec, McAfee, Trend, CrowdStrike, don't know either Kubernetes or service mesh well. We add now container security into this, we really distinguish ourselves further from the traditional endpoint players with bringing together, not just the endpoint platform that can do containers, but also Kubernetes service mesh. So why is that important? As people think about their future in containers, they'll want to do this at the runtime level, not at the static level. They'll want to do it at build time And they'll want to have it integrated with some of their networking capabilities like service mesh. Who better to think about that IP and that evolution than VMware, and now we bring, I think it's 12 to 14 people we're bringing in from this acquisition. Several of them in Israel, some of them here in Palo Alto, and they will build that platform into the tech that VMware has onto the Carbon Black cloud and we will deliver that this year. It's not going to be years from now. >> Did you guys talk about the-- >> Our capability, and then we can bring the best of Carbon Black, with Tanzu, service mesh, and even future innovation, like, for example, there's a big movement going around, this thing call open policy agent OPA, which is an open source effort around policy management. You should expect us to embrace that, there could be aspects of OPA that also play into the future of this container security movement, so I think this is a really great move for Patrick and his team, I'm very excited. Patrick is the CEO of Carbon Black and the leader of that security business unit, and he came to me and said, "Listen, one of the areas "we need to move in is container security "because it's the number one request I'm hearing "from our CESOs and customers." I said, "Go ahead Patrick. "Find out who are the best player you could acquire, "but you have to triangulate that strategy "with the Tanzu team and the NSX team, "and when you have a unified strategy what we should go, "we'll go an make the right acquisition." And I'm proud of what he was able to announce today. >> And I noticed you guys on the release didn't talk about the acquisition amount. Was it not material, was it a small amount? >> No, we don't disclose small, it's a tuck-in acquisition. You should think of this as really bringing us some tech and some talent, and being able to build that into the core of the platform of Carbon Black. Carbon Black was the real big move we made. Usually what we do, you saw this with AirWatch, right, anchor on a fairly big move. We paid I think 2.1 billion for Carbon Black, and then build and build and build on top of that, partner very heavily, we didn't talk about that. If there's time we could talk about it. We announced today a security alliance with top SIEM players, in what's called a sock alliance. Who's announced in there? Splunk, IBM QRadar, Google Chronicle, Sumo Logic, and Exabeam, five of the biggest SIEM players are embracing VMware in endpoint security, saying, Carbon Black is who we want to work with. Nobody else has that type of partnership, so build, partner, and then buy. But buy is always very carefully thought through, we're not one of these companies like CA of the past that just bought every company and then it becomes a graveyard of dead acquisition. Our view is we're very disciplined about how we think about acquisition. Acquisitions for us are often the last resort, because we'd prefer to build and partner. But sometimes for time-to-market reasons, we acquire, and when we acquire, it's thoughtful, it's well-organized within VMware, and we take care of our people, 'cause we want, I mean listen, why do acquisitions fail? Because the good people leave. So we're excited about this team, the team in Israel, and the team in Palo Alto, they come from Octarine. We're going to integrate them rapidly into the platform, and this is a good evidence of VMware investing more in security, and our Q3 earnings pulled, John, I said, sorry, we said that the security business was a billion dollar business at VMware already, primarily from network, but some from endpoint. This is evidence of us putting more fuel behind that fire. It's only been six, seven months and Patrick's made his first acquisition inside Carbon Black, so you're going to see us investing more in security, it's an important priority for the company, and I expect us to be a very prominent player in these three pillars, network security, endpoint security, endpoint is both client and the workload, and cloud. Network, endpoint, cloud, they are the three areas where we think there's lots of room for innovation in security. >> Well, we'll be watching, we'll be reporting and analyzing the moves. Great playbook, by the way. Love that organic partnering and then key acquisitions which you build around, it's a great playbook, I think it's very relevant for this time. The most important question I have to ask you, Sanjay, and this is a personal question, because you're the leader of VMware, I noticed that, we all know you're into music, you've been putting music online, kind of a virtual band. You've also hired a CUBE alumni, Victoria Verango from McAfee who also puts up music, you've got some musicians, but you kind of know how to do the digital moves there, so the question is, will the music at VMworld this year be virtual? >> Oh, man. Victoria is actually an even better musician than me. I'm excited about his marketing gifts, but I'm also excited to watch him. But yeah, you've heard him sing, he's got a voice that's somewhat similar to Sting, so we, just for fun, in our Diwali, which is an Indian celebration last year, Tom Corn, myself, and a wonderful lady named Divya, who's got a beautiful voice, had sung a song, which was off the soundtrack of the Bollywood movie, "Secret Superstar," and we just for fun decided to record that in our three separate homes, and put that out on YouTube. You can listen, it's just a two or three-minute run, and it kind of went a little bit viral. And I was thinking to myself, hey, if this is one way by which we can let the VMware community know that, hey, you know what, art conquers COVID-19, you can do music even socially distant, and bring out the spirit of VMware, which is community. So we might build on that idea, Victoria and I were talking about that last night and saying, hey, maybe we do a virtual music kind of concert of maybe 10 or 15 or 20 voices in the various different countries. Record piece of a song and music and put it out there. I think these are just ways by which we're having fun in a virtual setting where people get to see a different side of VMware where, and the intent here, we're all amateurs, John, we're not like great. There are going to be mistakes in this music. If you listen to that audio, it sounds a little tinny, 'cause we're recording it off our iPhone and our iPad microphone. But we'll do the best we can, the point is just to show the human spirit and to show that we care, and at the end of the day, see, the COVID-19 virus has no prejudice on color of skin, or nationality, or ethnicity. It's affecting the whole world. We all went into the tunnel at different times, we will come out of this tunnel together and we will be a stronger human fabric when we're done with this, We shall absolutely overcome. >> Sanjay, give us a quick update to end the segment on your thoughts around VMworld. It's one of the biggest events, we look forward to it. It's the only even left standing that theCUBE's been to every year of theCUBE's existence, we're looking forward to being part of theCUBE virtual. It's been announced it's virtual. What are some of the thinking going on at the highest levels within the VMware community around how you're going to handle VMworld this year? >> Listen, when we began to think about it, we had to obviously give our customers and folks enough notice, so we didn't want to just spring that sometime this summer. So we decided to think through it carefully. I asked Robin, our CMO, to talk to many of the other CMOs in the industry. Good news is all of these are friends of ours, Amazon, Microsoft, Google, Salesforce, Adobe, and even some smaller companies, IBM did theirs. And if they were in the first half of the year, they had to go virtual 'cause we're sheltered in place, and IBM did theirs, Okta did theirs, and we began to watch how they were doing this. We're kind of in the second half, because we were August, September, and we just sensed a lot of hesitancy from our customers that wanted to get on a plane to come here, and even if we got just 500, 1,000, a few thousand, it wasn't going to be the same and there would always be that sort of, even if we were getting back to that, some worry, so we figured we'd do something that might be semi-digital, and we may have some people that roam, but the bulk of it is going to be digital, and we changed the dates to be a little later. I think it's September 20th to 29th. Right now it's all public now, we announced that, and we're going to make it a great program. In some senses like we're becoming TV producer. I told our team we got to be like Disney or ESPN or whoever your favorite show is, YouTube, and produce a really good several-hour program that has got a different way in which digital content is provided, smaller snippets, very interesting speakers, great brand names, make the content clear, crisp and compelling. And if we do that, this will be, I don't know, maybe it's the new norm for some period of time, or it might be forever, I don't know. >> John: We're all learning. >> In the past we had huge conferences that were busting 50, 70, 100,000 and then after the dot-com era, those all shrunk, they're like smaller conferences, and now with advent of companies like Amazon and Salesforce, we have huge events that, like VMworld, are big events. We may move to a environment that's a lot more digital, I don't know what the future of in-presence physical conferences are, but we, like others, we're working with AWS in terms of their future with Reinvent, what Microsoft's doing with Ignite, what Google's doing with Next, what Salesforce's going to do with Dreamforce, all those four companies are good partners of ours. We'll study theirs, we'll work together as a community, the CMOs of all those companies, and we'll come together with something that's a very good digital experience for our customers, that's really what counts. Today I did a webinar with a partner. Typically when we did a briefing in our briefing center, 20 people came. There're 100 people attending this, I got a lot more participation in this QBR that I did with this SI partner, one of the top SIs in the world, in an online session with them, than would I have gotten if they'd all come to Palo Alto. That's goodness. Should we take the best of that world and some physical presence? Maybe in the future, we'll see how it goes. >> Content quality. You know, you know content. Content quality drives everything online, good engagement creates community, that's a nice flywheel. I think you guys will figure it out, you've got a lot of great minds there, and of course, theCUBE virtual will be helping out as we can, and we're rethinking things too-- >> We count on that, John-- >> We're going to be open minded to new ideas, and, hey, whatever's the best content we can deliver, whether it's CUBE, or with you guys, or whoever, we're looking forward to it. Sanjay, thanks for spending the time on this CUBE Keynote coverage of AWS Summit. Since it's digital we can do longer programs, we can do more diverse content. We got great customer practitioners coming up, talking about their journey, their innovation strategies. Sanjay Poonen, COO of VMware, thank you for taking your precious time out of your day today. >> Thank you, John, always a pleasure. >> Thank you. Okay, more CUBE, virtual CUBE digital coverage of AWS Summit 2020, theCUBE.net is we're streaming, and of course, tons of videos on innovation, DevOps, and more, scaling cloud, scaling on-premise hybrid cloud, and more. We got great interviews coming up, stay with us our all-day coverage. I'm John Furrier, thanks for watching. (upbeat music)

(upbeat techno music) >> Live, from Las Vegas, it's theCUBE covering VMworld 2018, brought to you by VMware and it's eco-system partners. >> Hello everyone and welcome back to theCUBE's live coverage day three of three days of coverage, VMworld 2018 here in Las Vegas, CUBE wall-to-wall coverage, 94 interviews, two sets, our ninth year covering VMworld, I'm John Furrier with my co-host Stuart Miniman on this segment, our next guest is Milin Desai, who is the Vice President and general manager of Cloud Services at VMware, formerly driving the NSX business, been there for multiple years, eight years. Great to see you, thanks for coming on theCUBE. >> Pleasure to be here. >> So you've seen the evolution, you've been there, you've been in the boat. NSX, on a good path, doing really well, cloud services, very clear visibility on what strategy is. >> Mm-hmm. >> Private and public, hybrid multi-cloud, validated by the leader AWS and Andy Jassy, again for the second year. So pretty clear visibility at least on what the landscape looks like. >> Mm-hmm. Multiple clouds, software driving all the value. What's the cloud services piece that you're running now? Take a minute to explain what the landscape looks like, what's your charter, what are you trying to do, and what's happening with news and announcements? >> Sure, so about two years back we started on this journey around cloud services. And the premise was that, increasingly, there are two trends taking place which is; SaaS delivered experiences for on prem. So how can we deliver SaaS experiences on prem? As well as the partnership with, you know AWS for VMware cloud on AWS. So the two things started coming together both in terms of a product opportunity, which is VMware cloud AWS. But overall delivering our capabilities as SaaS, both hybrid as well as in the public clouds. So cloud services is a portfolio that delivers VMware services from management, to security, to operations, as SaaS services to the private cloud as well as to the public cloud. >> Tom Corn, the Senior Vice President of general security projects, was just on theCUBE today as well before you came on. He said, I asked him for a prediction and I'll ask you at the end too, for a 2019 prediction, but he said, "I see the conversation starting to be "security as a service someday," and he's kind of like connecting the dots a bit. But that proves the point it's a SAS business model. The services need to be consumable and scalable. This is a key design criteria and a product guiding principal right, for you guys? >> Yes, So increasingly SaaS makes it easy. The value benefits on that is I don't need to operate, it just works and I can get the value out of what we are delivering. And that's really what's driving the adoption of SaaS. It's easy to use, it gets you to outcomes quicker, and I don't need to worry about the management elements of that and so whether it's you take our updates to cloud management, we announced Cloud Assembly, Service Broker, and Code Stream, all delivered as SaaS to our hybrid infrastructure as well as if you want to deploy workloads in AWS or Azure, same thing. AppDefense, Tom's product, is delivered as a SaaS service. VMC on AWS is a managed SaaS service. So you're seeing that come together as VMware. The idea is can we bring that experience on prem as well as in the hybrid cloud? >> Yeah, Milin really interesting topic because often what gets lost when we're talking about multi cloud is what really matters, is applications and the data that sits on top of it. Maybe walk through a little bit, my on premises vs my SASified stuff vs the cloud native and PKS. How much of the business is driven from all of these pieces? >> So the majority of our business right now, is on premise software. Where customers are building and operating the infrastructure with our software. Now the first evolution into SAS was actually with our service providers, who are using the subscription model to deliver VMware as a service to their end customers. And then the second iteration of that is VMware cloud on AWS, which is growing really well. Both in terms of adoption as well of number of customers and now you are seeing the next evolution. So I would say from a numbers standpoint it's low, but in terms of number of customers adopting it, that number is high. So whether it's cloud operations with Wavefront or the whole automations suite that was launched, AppDefense. We are starting to see the shift to SAS but I would say the majority of our customers are on on prem software with VMware cloud foundation which includes NSX, and a visualized management portfolio which has been driving the majority of the revenue. >> I got to ask you about NSX relative to the cloud services because one of the things we've been pontificating and analyzing is how multi cloud is really going to work and we always try to compare and contrast to networking because Stu and I love networking and storage and some of the infrastructure stuff but if you go back into the evolution of TCPIP and what that did for the industry and Gelsinger likes to talk about this too, is NSX the kind of enabler that TCPIP was? TCP and then you had IP, created a lot of value, in inter-networking. What does the customer challenge look like when you're doing multi-cloud? It's not trivial it's hard to do. Is there a inter-operability framework, is it NSX? What could that be? >> Great question. I think as we go from private, to public, to the edge the virtual cloud network is what connects it all together and so definitely from within the data center with now the Velo Cloud acquisition the WAN, and then layering it with analytics and observability with visualized network insight, the portfolio of NSX allows you to connect these disparate data islands and operate very seamlessly, in this hybrid cloud world. Now the same construct applies, when you go native public cloud, where you can connect into AWS or an Azure and that's where, again the Velo Cloud acquisition alongside how NSX is extending its security policy, into AWS and Azure so that you can get the same security posture on prem, at the Edge, in VMC on AWS, with our VCP providers, as well as Native AWS and native Azure. So definitely NSX is that connective tissue, that's why we call it the Virtual Cloud Network, connects the Hybrid Cloud to the Multi Cloud. >> Seamlessly? >> Seamlessly. >> One of the feedbacks I get from users is, you know multi-cloud is challenging. There's that big elephant, how do I get my arms around all of the pieces where'll my data lives? Maybe give us an update there. I did have a chat with Joe Kinsella on theCUBE yesterday. So if CloudHealth Technologies fits into that overall cloud management piece, I'm sure it does, and you can give a little bit of guidance? I'd like to understand how that fits. >> Yes, you know we talked a lot about SAS and delivering VMware services as SAS to vSphere customers but there's this other world where people are going native AWS, native Azure, native GCP. The interesting thing I tell folks is it's very easy to consume cloud but as you start consuming it, you start dealing with tens of thousands of objects, across multiple projects, hundreds of projects across thousands of users. And when you start looking at the problem statements, same things, visibility, lack of visibility, resource management, you tend to over provision to in the cloud, right? By now you're paying by the drip so there's a definite impact to the bottom line. End to end observability and then configuration compliance. Think about this, you're operating at 10X in terms of changes, the chances of making a configuration mistake like leaving an S3 bucket open, are quite high. >> We've seen examples of that, too. >> Exactly, many a CIO have been fired because of that issue. So what we've been seeing with our customers is this has become a data problem, right? So the acquisition of CloudHealth allows us to essentially provide a platform that has that data, and then deliver to our customers in the native cloud, visibility, I say cost management so using reserved instances over on demand, resource management, hey your old provision on your elastic block storage we can reduce the storage capacity and save money. I can optimize RDS better. Sequel right sizing in Azure, so resource management becomes very interesting. Returns on a typical customer with CloudHealth are upwards of 60%. When you take that into consideration with real time security configuration, Secure State was just announced in beta, this week so real time security configuration. When that mistake happens with an S3 bucket being open? Sub 10 seconds we will notify the user that there is a mis-configuration in the cloud, please go fix it. >> Yeah, I'm curious, one of the other challenges is when I have, especially using lots of different SAS providers, public cloud, private cloud, data protection is a big challenge there. I know VMware has a lot of ecosystem partners, one of the hottest things over the couple years. Is that primarily an ecosystem play? How does VMware position there? >> Yeah so in the hybrid cloud world, like you said we have a very strong ecosystem, multiple vendors here exhibiting, there will be some default elements that we bring into vSAN to help kind of the basics of data, you know back up and management but we will definitely continue to partner with our ecosystem when it comes to an aggregate stack of data management but there will be pockets of just simple back up capabilities that you'll start seeing in vSAN, I think we announced the beta of that this week. >> Talk about your organization, do the general managers, do you have a profit loss responsibility so do you have revenue? >> Yes. >> Talk about the team, how you guys are set up. How big is the team? What's the focus? >> Our team, there's two elements to my team. One is my team drives cloud service across VMware so there are folks developing services themselves. The size of the team is now 70 strong across product, marketing and engineering. And then I also work with my counterparts like Mark Lohmeyer, AJ Singh who are building services on our common platform, right? And it's an aggregate to the customer, they come to cloud.vmware.com they federate their enterprise identity, they log in, they see our catalog. It's like a Netflix-like catalog. You can subscribe to it, you get a common experience in terms of billing and essentially start using the services. So it's not only what my team builds but an aggregate what VMware is building and offering to our end users. >> And what go to market do you have? Which products are you doing that go to market for? >> It's all of our SAS based cloud services. We collectively drive the go to market for that as a team working with our corporate marketing team. >> Awesome. >> Yep. >> So that would be a combination of VMware on AWS, AppDefense, now Secure State, Wavefront, and very soon CloudHealth. >> Yeah, a lot of pressure. (laughing) >> Do the SAS product share, do they live in like the AWS marketplace, IBM, you know DOC or what? Where can they get all of them? >> Today you go to cloud.vmare.com and subscribe to them. Certain offers are starting to get into AWS Marketplace, so CloudHealth is actually in the AWS marketplace. >> Sure, sure. >> And we are looking at Wavefront, which is a hidden jewel in our portfolio is also we are thinking about how can get it into the respective marketplaces of Azure, GCP, and others. But today if you want to access any of these services, you simply go and trial it by just going to our website and starting a trial. >> So they've given you all the new stuff, make it happen. AWS, VMware, AWS, vice versa. RDS on premises, you doing that as well? >> Yes. RDS on vSphere, since the announce we've had phenomenal conversations over here. >> Yeah, it's really exciting, I think people don't understand how big this is. >> John, I had a phenomenal conversation with Yanbing and Christos from the storage and availability business who just really broke down how all of that worked in detail. >> Yes. >> Yeah. >> The customer interest is high. Someone asked me, why RDS? And they said it's such a hard problem and that was my point exactly, there is such a pain when it comes to managing databases and just like everything else, we started off the conversation, customers want a managed service. They don't want to deal with the intricacies of managing databases, they just want the outcomes from how they access databases. Amazon has solved it very elegantly with RDS, it's one of their most popular services. Why not bring it on prem? So that's been a great engineering partnership we are driving with them, and I'm really excited to bring it to market, shortly. >> Well we're looking forward to keeping in touch, we wanted to actually follow up with you on that. It's a story we're going to be following, certainly developing, it's big news, we love it. Thanks for coming on and spending the time. I got to get you to put a prediction out there for 2019. What do you see happening in 2019 that we're going to be talking about next year at VMworld? Personal prediction, could be a VMware prediction. You've seen a lot of what's going on with NSX, you see what's going on in the big picture, wholistically what is the prediction for 2019? >> It might be a boring prediction, but I fundamentally believe this notion of hybrid being bi-directional in nature. I think you'll see more of that. Even Google announced GKE on vSphere, as an example. So I think you will see more of that come through and it won't be a one way destination conversation that we keep having. And you will see VMware truly be a multicloud company. It won't matter if you're deploying the application in the native cloud, or in a vSphere based cloud. We will help the customer where they land the application. My firm belief is next year when we are here, we'll be talking about stories about how we are helping scale customers in Azure and AWS and GCP on one end, and about how we brought cloud on prem with services like RDS. >> Final question, I'm going to put you on the spot. What do you think is the biggest disruptive enabler for the next 10 years in this bi-directional multi cloud world? Can you point to one this that says, that's going to be the disruptive enabler for the next 10 to 20 years? Is there something out there you can point to, trend, technology, the standard? >> So the way I think about the world is a little bit differently in terms of I truly believe that we are getting inundated by data. I'm not talking about the data that you store in terms of running your business but in terms of the metadata that you run your operations and your infrastructure with. And I believe that the layer that will control that portion, the metadata of infrastructure and applications, we have not even begun to understand where that goes and then you apply AI and ML techniques to that? The idea of, I'll throw a term around here, self driving data centers and self optimizing applications I get really excited but it all begins with that data layer. And we are starting to put the beginning signs with CloudHealth, our private cloud assets to start that process. I'm really excited about how AI/ML meets that data layer to achieve those outcomes. >> It automates IT operations, sounds like automation's coming. Milin, thanks for coming on. Milin Desai, he's the vice president general manager of VMware's cloud services. The hottest area, it's emerging, it's got a lot of attention. We'll be following it, of course, on siliconANGLE and Wikibon and theCUBE. We're day three coverage here in the broadcast booth in Las Vegas in the VM village. I'm John Furrier, Stu Miniman, stay with us for more after this short break. (upbeat techno music)